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Examiner 

Pramila Parthasarathy 



Applicant requests review of the final rejection in the above-identified application. No amendments are 
being filed with this request. 



This request is being filed with a notice of appeal. 
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EN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



PRE APPEAL BRIEF REQUEST FOR REVIEW 



RECEIVED 
CENTRAL FAX CENTER 

SEP 2 8 2005 



Appl. No.: 09/976,516 Applicant: Patel et al 

Examiner: Parthasarathy, Pramila TC/A.U.: 2136 



Filed: October 12, 2001 
Docket No.: PF0202SNA/10-29 



Accompanying Arguments/Discussion 

Filed September 28, 2005 



Historical Background This application was filed on October 12, 2001. A first Office Action 
rejecting all 20 pending claims was mailed on or about January 26, 2005. An amendment and 
response to the January 26, 2005 office action was Filed on or about April 26, 2005. The April 
26, 2005 Response included an amendment to claim L A final office action was mailed on June 
28, 2005 rejecting all claims on the same grounds as the January 26, 2005 office action. An 
After Final response was filed on August 29, 2005. On September 9, 2005 an Examiner 
Interview was conducted via telephone. On September 16, 2005 an Advisory Action and 
Interview Summary were mailed. 

Claim Status and Request for Review Claims 1-20 are pending and stand rejected on 
varying grounds under § 102(e). No claims have been amended, canceled or added. In view of 
the comments below, Applicant respectfully requests that the Examiner reconsider the present 
application including claims 1-20 and withdraw the rejection of these claims. 

a) Claims 1-20 stand rejected under 35 U.S.C. 102(e) as being clearly anticipated by Joyce 
(US Patent No. 6,519,703). The September 16, 2005 Advisory Action indicated that the 
proposed amendments would not be entered. Applicant is puzzled as there were no proposed 
amendments associated with the August 29, 2005 After Final Response. In any event, the 
Examiner cites Joyce col. 2, line 30 through col. 3, line 5 in support of the Examiner's view that 
Joyce shows or suggests the claimed interrupting in a first router (buffer 24) transmission of a 
data packet further comprising communicating with a second router (buffer 28 or 40) to cause the 
second router to interrupt transmission of a future data packet. 

Claims 1 and 1 1 are in independent form with claims 2-10 dependent on claim 1 and 
claims 12-20 dependent on claim 11 . The present invention concerns node security in a router of 
a packet network. Claim 1 defines a method for providing node security in the router of the 
packet network and claim 1 1 defines in varying scope a corresponding router for providing node 
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security in a packet network. Generally the invention includes analyzing a data packet and 
determining in the router whether the data packet may be harmful to a destination device and if 
so, transmission of the packet is interrupted and a second router is communicated with to cause 
the second router to interrupt transmission of a next or future data packet all as claimed. If no 
problems are detected the data packet is transmitted. 

The Examiner maintains in the June 28, 2005 Final Office Action that Joyce teaches and 
describes a method and router for providing node security in a router of a packet network 
referring to Fig. 1, 2; Summary and Column 2, line 16 - Column 5, line 17. Applicant concedes 
that the firewall arrangement of Joyce deals with security in a packet network and that the 
firewall arrangement may be construed as a router. Applicant however notes that Applicant is 
not claiming all methods and routers for providing node security, rather only those as specifically 
claimed. Joyce discusses a firewall arrangement (FIG. 1 and FIG. 2) that may operate on a Sun 
MicroSystem computer or the like (col. 5, line 34 et. sequence), i.e., operates on one computer 
and thus is at most one router. Applicant concedes that Joyce shows a router and method that 
interrupts transmission of potentially harmful data packets. However, Applicant is unable to 
construe in good faith the discussions of Joyce to show the Joyce router as communicating with 
another router as claimed and respectfully submits that one of ordinary skill in the field would 
not interpret the Joyce firewall as showing more that one router. This is supported by a quick 
web search for Router definition and scanning the results. 

Assuming arguendo that Joyce may be construed as showing two routers and further 
characterizing Joyce with the general focus on the col. 2 et sequence passage cited by the 
Examiner in the September 16, 2005 Advisory Action, the Joyce firewall (Heuristic firewall 10A 
or 10B) receives data packets 22 from the Internet that are sent to analysis stages (16, 18, 20) 
which perform varying "levels" of analysis on these packets (col. 2, lines 36-40) and are also sent 
to a first buffer 24 (viewed as a first router by the Examiner) that holds the packets until a 
decision is made by analysis stage 16 (col. 2, lines 41-43). Based on analysis stage 16 decisions, 
packets are released from buffer 24 to one or more levels of firewall rule bases 12, 14 depending 
on confidence levels or shunted (i.e., interrupt transmission) if the packets appear to have 
problems (low confidence) to a shunt 26 (log or the like) (note FIG. 1 erroneously denotes the 
shunt as 30) (col. 2, line 45 - col. 2, line 54). Acceptable packets (determined via rule based 12, 
14) are sent to a second buffer 28 (viewed as the second router by the Examiner) (col. 2, line 66 - 
col. 3, line 1). Based on confidence results from analysis stages 18, 20 (different than stage 16), 
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packets in buffer 28 are shunted 26 or forwarded (packets that have high confidence) to a 
network 30 (col. 3, line 5 - col. 3, line 10). 

Applicant respectfully submits that Joyce does not show or suggest, in the context as 
recited by claim 1 (analogously by claim 1 1 ) "interrupting transmission of the data packet in 
response to determining that the data packet is potentially harmful to the destination device, the 
interrupting further comprising the step of communicating with a second router to cause the 
second router to interrupt transmission of a future data packet" where the determining the data 
packet is harmful is performed in the router. 

The Examiner maintains that the first buffer 24 may be viewed as the claimed router thus 
showing or suggesting "determining in the router whether the data packet is potentially harmful 
to the destination device". The first buffer 24 together with the analysis stage 16 or rule base 12, 
14 may be viewed as determining whether there is a problem with a first data packet (first added 
to keep track of various packets if needed) and if there is a problem, transmission is interrupted 
(data packet is shunted 26 for further analysis). If no problem is detected the first data packet is 
released to second buffer 28. Note there is no communication with (data packets or other 
information sent to) the second buffer 28 if a problem is detected at the first buffer 24. Only after 
and when the first data packet is found to be acceptable (according to analysis stage 16 and rule 
base 12 or 14), the first data packet is released to the second buffer 28. The second buffer 28 
either shunts 26 (interrupts transmission) the first data packet if analysis stages 1 8, 20 detect a 
problem or forwards the first data packet to the network 30 if analysis stages 18, 20 do not detect 
a problem. 

There is nothing in Joyce that shows the claimed communication with the second buffer 
28 (a second router) as part of interrupting transmission of the first data packet responsive to 
determining in the fust buffer 24 (router) that the first data packet may be harmful. As noted 
above according to Joyce, when the first buffer 24 determines that a problem exists and interrupts 
transmission of the first data packet, there is no communication with the second buffer 28. 

Furthermore, any communication with the second buffer or any other entity in Joyce does 
not "cause the second router to interrupt transmission of a future data packet 1 ' as claimed. While 
Joyce does allude to analysis of problem packets and spoofing an originator to get additional 
packets for analysis (see for example col. 2 line 55-65), there is no indication that this results in 
communication with the second buffer pursuant to interrupting transmission of a second (future) 
data packet One may speculate that this analysis, etc. will result in some screening of future data 
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packets, but in the end this is mere speculation guided by informed hindsight. All discussions in 
Joyce relate to determining whether there is a problem with current data packets and controlling 
disposition of those current data packets, rather than controlling disposition of future (later, 
subsequent) data packets based on the original determination. 

Thus and at least in view of the above noted reasons, Applicant respectfully submits that 
Joyce clearly does not show or suggest all features of the claimed invention. More specifically, 
Joyce does not show or suggest "interrupting transmission of the data packet in response to 
determining that the data packet is potentially harmful to the destination device, the interrupting 
further comprising the step of communicating with a second router to cause the second router to 
interrupt transmission of a future data packet." 

Applicant in the August 29, 2005 After Final Response also attempted to analyze other 
entities of Joyce that may be construed as candidates for a second buffer and show that these 
other entities similarly do not suggest the claimed features of either claim 1 or claim 1 1 (see page 
4 last paragraph - page 5 of the August 29, 2005 After Final Response). 

Therefore and at least in view of these reasons, Applicant submits that Joyce does not 
show or suggest all features of claim 1 or claim 1 1 or at least by virtue of dependency claims 2- 
10 and 12-20. Hence Joyce clearly does not anticipate claim 1 or claim 1 1 or at least by virtue of 
dependency claims 2-10 and 12-20. Applicant thus respectfully requests that the Examiner 
reconsider and withdraw the rejection of claims 1-20 under 35 U.S.C. 102(e) as being clearly 
anticipated by Joyce (US Patent No. 6,519,703). 

b) Furthermore, one or more of the dependent claims recite additional features which are not 
shown or suggested by Joyce. Applicant has pointed out specific patentable distinctions between 
claims 3, 4, 7-10 and corresponding claims 13, 14, 17-20 in the April 26, 2005 Amendment and 
again in the August 29, 2005 After Final Response. Applicant will note only the features that are 
not shown or suggested by Joyce in these arguments and refers the reader to page 6 second 
paragraph through page 8 of the August 29, 2005 After Final Response for the full discussions 
and reasoned arguments. 

For example, claim 3 (and corresponding claim 13) recites sending a command to an 
upstream router to intercept future data packets from the originator. Furthermore, claim 4 (and 
corresponding claim 14) recites forwarding an agent to an upstream router, the agent arranged to 
intercept future data packets from the originator. Additionally claim 7 (and corresponding claim 
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17) recites a feature where once a data packet has been deemed suspicious it is decided to 
monitor future data packets having the same source or destination address as claimed. As a last 
example, Claims 8-10 (and corresponding claims 18-20) recite further features having to do with 
collaborating with and identifying an upstream router. None of these more specific features are 
shown or suggested by Joyce. 

Therefore and at least for these additional reasons, Applicant respectfully submits that 
claims 3, 4, 7-10 and 13, 14, 17-20 are allowable over Joyce, since this reference does not show 
or suggest all features of any of these claims. Thus and in view of these additional reasons, 
Applicant respectfully requests that the Examiner reconsider and withdraw this rejection of 
claims 3, 4, 7-10 and 13, 14, 17-20 under 35 U.S.C. 102(e) based on Joyce (U.S. Patent No. 
6,519,703). 

Accordingly, Applicant respectfully submits that the claims, as amended, clearly and 
patentably distinguish over the cited references of record and as such are to be deemed allowable. 
Such allowance is hereby earnestly and respectfully solicited at an early date. If the Examiner 
has any suggestions or comments or questions, calls are welcomed at the phone number below. 

Although it is not anticipated that any fees are due or payable other than the separately 
noted Notice of Appeal fee, the Commissioner is hereby authorized to charge any fees that may 
be required to Deposit Account No. 50-3435. 



Respectfully submitted, 



Law Office of Charles W. Bethards, LLP 
P.O. Box 1622 
CoUeyville, Texas 76034 




Phone (817) 581-7005 
Fax (817) 281-7136 
Customer No. 51874 



Charles W. Bethards 
Reg. No. 36,453 
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